mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Purge the AES variant of Dilithium

Browse Source
This commit is contained in:
Anthony Hu 2022-12-27 12:21:56 -05:00
parent 19033d82fe
commit b3e99348cd
17 changed files with 105 additions and 2629 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/dilithium/bench_dilithium_aes_level2_key.der
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_aes_level3_key.der
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_aes_level5_key.der
View File

Binary file not shown.

5
certs/dilithium/include.am
View File

@ -5,7 +5,4 @@
EXTRA_DIST += \
certs/dilithium/bench_dilithium_level2_key.der \
certs/dilithium/bench_dilithium_level3_key.der \
certs/dilithium/bench_dilithium_level5_key.der \
certs/dilithium/bench_dilithium_aes_level2_key.der \
certs/dilithium/bench_dilithium_aes_level3_key.der \
certs/dilithium/bench_dilithium_aes_level5_key.der
certs/dilithium/bench_dilithium_level5_key.der

3
gencertbuf.pl
View File

@ -111,9 +111,6 @@ my @fileList_dilithium = (
["certs/dilithium/bench_dilithium_level2_key.der", "bench_dilithium_level2_key" ],
["certs/dilithium/bench_dilithium_level3_key.der", "bench_dilithium_level3_key" ],
["certs/dilithium/bench_dilithium_level5_key.der", "bench_dilithium_level5_key" ],
["certs/dilithium/bench_dilithium_aes_level2_key.der", "bench_dilithium_aes_level2_key" ],
["certs/dilithium/bench_dilithium_aes_level3_key.der", "bench_dilithium_aes_level3_key" ],
["certs/dilithium/bench_dilithium_aes_level5_key.der", "bench_dilithium_aes_level5_key" ],
);
#Sphincs+ Post-Quantum Keys

119
src/internal.c
View File

@ -2857,27 +2857,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level2_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level3_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MINOR;
*inOutIdx += 1;
}
else
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
@ -2957,12 +2936,6 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level2_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level3_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level5_sa_algo, keySz,
&idx);
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
}
@ -4052,18 +4025,6 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy
*hsType = dilithium_level5_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
*hsType = dilithium_aes_level2_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
*hsType = dilithium_aes_level3_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
*hsType = dilithium_aes_level5_sa_algo;
*hashAlgo = sha512_mac;
}
#endif /* HAVE_DILITHIUM */
break;
#endif
@ -13028,7 +12989,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
#endif /* HAVE_PQC */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_AES_LEVEL2k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
@ -13037,7 +12997,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
case DILITHIUM_LEVEL3k:
case DILITHIUM_AES_LEVEL3k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
@ -13046,7 +13005,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL5k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
@ -14416,9 +14374,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
{
int keyRet = 0;
if (ssl->peerDilithiumKey == NULL) {
@ -14433,37 +14388,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (keyRet == 0) {
if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 2,
SHAKE_VARIANT);
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, 2);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 3,
SHAKE_VARIANT);
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, 3);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 5,
SHAKE_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL2k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 2,
AES_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL3k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 3,
AES_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL5k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 5,
AES_VARIANT);
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, 5);
}
}
@ -24949,18 +24883,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
/* Certificate has Dilithium level 5 key, only match with it. */
return sigAlgo == dilithium_level5_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2) {
/* Certificate has Dilithium AES level 2 key, only match with it. */
return sigAlgo == dilithium_aes_level2_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3) {
/* Certificate has Dilithium AES level 3 key, only match with it. */
return sigAlgo == dilithium_aes_level3_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5) {
/* Certificate has Dilithium AES level 5 key, only match with it. */
return sigAlgo == dilithium_aes_level5_sa_algo;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
@ -25080,10 +25002,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
#if defined(HAVE_DILITHIUM)
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5 ) {
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
/* Matched Dilithium - set chosen and finished. */
ssl->suites->sigAlgo = sigAlgo;
ssl->suites->hashAlgo = hashAlgo;
@ -25848,9 +25767,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
if (ssl->buffers.keyType == dilithium_level2_sa_algo ||
ssl->buffers.keyType == dilithium_level3_sa_algo ||
ssl->buffers.keyType == dilithium_level5_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level2_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level3_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level5_sa_algo ||
ssl->buffers.keyType == 0) {
ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
@ -25860,28 +25776,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
}
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
2, SHAKE_VARIANT);
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
}
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
3, SHAKE_VARIANT);
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
}
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
5, SHAKE_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level2_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
2, AES_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level3_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
3, AES_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level5_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
5, AES_VARIANT);
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
}
else {
/* What if ssl->buffers.keyType is 0? We might want to do something

122
src/ssl.c
View File

@ -5244,7 +5244,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_AES_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
@ -5252,7 +5251,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
case DILITHIUM_LEVEL3k:
case DILITHIUM_AES_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
@ -5260,7 +5258,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
@ -6251,10 +6248,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if ((*keyFormat == 0) ||
(*keyFormat == DILITHIUM_LEVEL2k) ||
(*keyFormat == DILITHIUM_LEVEL3k) ||
(*keyFormat == DILITHIUM_LEVEL5k) ||
(*keyFormat == DILITHIUM_AES_LEVEL2k) ||
(*keyFormat == DILITHIUM_AES_LEVEL3k) ||
(*keyFormat == DILITHIUM_AES_LEVEL5k)) {
(*keyFormat == DILITHIUM_LEVEL5k)) {
/* make sure Dilithium key can be used */
dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key),
heap,
@ -6265,22 +6259,13 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
ret = wc_dilithium_init(key);
if (ret == 0) {
if (*keyFormat == DILITHIUM_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key, 2, SHAKE_VARIANT);
ret = wc_dilithium_set_level(key, 2);
}
else if (*keyFormat == DILITHIUM_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key, 3, SHAKE_VARIANT);
ret = wc_dilithium_set_level(key, 3);
}
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key, 5, SHAKE_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key, 2, AES_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key, 3, AES_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key, 5, AES_VARIANT);
ret = wc_dilithium_set_level(key, 5);
}
else {
/* What if *keyformat is 0? We might want to do something more
@ -6313,15 +6298,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ssl->buffers.keyType = dilithium_level5_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ssl->buffers.keyType = dilithium_aes_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ssl->buffers.keyType = dilithium_aes_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ssl->buffers.keyType = dilithium_aes_level5_sa_algo;
}
ssl->buffers.keySz = *keySz;
}
else {
@ -6334,15 +6310,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ctx->privateKeyType = dilithium_level5_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ctx->privateKeyType = dilithium_aes_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ctx->privateKeyType = dilithium_aes_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ctx->privateKeyType = dilithium_aes_level5_sa_algo;
}
ctx->privateKeySz = *keySz;
}
@ -6721,9 +6688,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
case CTC_DILITHIUM_LEVEL2:
case CTC_DILITHIUM_LEVEL3:
case CTC_DILITHIUM_LEVEL5:
case CTC_DILITHIUM_AES_LEVEL2:
case CTC_DILITHIUM_AES_LEVEL3:
case CTC_DILITHIUM_AES_LEVEL5:
WOLFSSL_MSG("Dilithium cert signature");
if (ssl)
ssl->options.haveDilithiumSig = 1;
@ -6776,10 +6740,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef HAVE_DILITHIUM
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
cert->keyOID == DILITHIUM_LEVEL3k ||
cert->keyOID == DILITHIUM_LEVEL5k ||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
cert->keyOID == DILITHIUM_LEVEL5k) {
ssl->options.haveDilithiumSig = 1;
}
#endif /* HAVE_DILITHIUM */
@ -6826,10 +6787,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef HAVE_DILITHIUM
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
cert->keyOID == DILITHIUM_LEVEL3k ||
cert->keyOID == DILITHIUM_LEVEL5k ||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
cert->keyOID == DILITHIUM_LEVEL5k) {
ctx->haveDilithiumSig = 1;
}
#endif /* HAVE_DILITHIUM */
@ -6972,9 +6930,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
/* Dilithium is fixed key size */
keySz = DILITHIUM_MAX_KEY_SIZE;
if (ssl && !ssl->options.verifyNone) {
@ -9465,74 +9420,32 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
#endif
if (wc_dilithium_init(dilithium) == 0) {
/* Test if Dilithium key. Try all levels for both SHAKE and AES */
/* Test if Dilithium key. Try all levels. */
if (priv) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
SHAKE_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
SHAKE_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
AES_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
AES_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
AES_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
} else {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
SHAKE_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
SHAKE_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
AES_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
AES_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
AES_VARIANT) == 0 &&
isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
@ -26782,12 +26695,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
"Dilithium Level 3", "Dilithium Level 3"},
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
"Dilithium Level 5", "Dilithium Level 5"},
{ CTC_DILITHIUM_AES_LEVEL2, DILITHIUM_AES_LEVEL2k, oidKeyType,
"Dilithium AES Level 2", "Dilithium AES Level 2"},
{ CTC_DILITHIUM_AES_LEVEL3, DILITHIUM_AES_LEVEL3k, oidKeyType,
"Dilithium AES Level 3", "Dilithium AES Level 3"},
{ CTC_DILITHIUM_AES_LEVEL5, DILITHIUM_AES_LEVEL5k, oidKeyType,
"Dilithium AES Level 5", "Dilithium AES Level 5"},
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
@ -28435,9 +28342,6 @@ struct WOLFSSL_HashSigInfo {
{ no_mac, dilithium_level2_sa_algo, CTC_DILITHIUM_LEVEL2 },
{ no_mac, dilithium_level3_sa_algo, CTC_DILITHIUM_LEVEL3 },
{ no_mac, dilithium_level5_sa_algo, CTC_DILITHIUM_LEVEL5 },
{ no_mac, dilithium_aes_level2_sa_algo, CTC_DILITHIUM_AES_LEVEL2 },
{ no_mac, dilithium_aes_level3_sa_algo, CTC_DILITHIUM_AES_LEVEL3 },
{ no_mac, dilithium_aes_level5_sa_algo, CTC_DILITHIUM_AES_LEVEL5 },
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DSA

57
src/tls13.c
View File

@ -6771,18 +6771,6 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
break;
case dilithium_aes_level2_sa_algo:
output[0] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL2_SA_MINOR;
break;
case dilithium_aes_level3_sa_algo:
output[0] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL3_SA_MINOR;
break;
case dilithium_aes_level5_sa_algo:
output[0] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL5_SA_MINOR;
break;
#endif
#endif
default:
@ -6855,18 +6843,6 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
*hsType = dilithium_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
*hsType = dilithium_aes_level2_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
*hsType = dilithium_aes_level3_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
*hsType = dilithium_aes_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
else
#endif /* HAVE_DILITHIUM */
@ -7730,28 +7706,18 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
byte level = 0;
byte sym = 0;
if (wc_dilithium_get_level_and_sym(fkey, &level, &sym) != 0) {
if (wc_dilithium_get_level(fkey, &level) != 0) {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
if ((level == 2) && (sym == SHAKE_VARIANT)) {
if (level == 2) {
args->sigAlgo = dilithium_level2_sa_algo;
}
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
else if (level == 3) {
args->sigAlgo = dilithium_level3_sa_algo;
}
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
else if (level == 5) {
args->sigAlgo = dilithium_level5_sa_algo;
}
else if ((level == 2) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level2_sa_algo;
}
else if ((level == 3) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level3_sa_algo;
}
else if ((level == 5) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level5_sa_algo;
}
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
@ -8322,21 +8288,6 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level2_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 2 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level3_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 3 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level5_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 5 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
#endif
#ifndef NO_RSA
if (args->sigAlgo == rsa_sa_algo) {

68
wolfcrypt/benchmark/benchmark.c
View File

@ -483,9 +483,6 @@
#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000
#define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000
#define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000
#define BENCH_DILITHIUM_AES_LEVEL2_SIGN 0x20000000
#define BENCH_DILITHIUM_AES_LEVEL3_SIGN 0x40000000
#define BENCH_DILITHIUM_AES_LEVEL5_SIGN 0x80000000
/* Post-Quantum Asymmetric algorithms. (Part 2) */
#define BENCH_SPHINCS_FAST_LEVEL1_SIGN 0x00000001
@ -798,12 +795,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
OQS_SIG_alg_dilithium_3 },
{ "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN,
OQS_SIG_alg_dilithium_5 },
{ "-dilithium_aes_level2", BENCH_DILITHIUM_AES_LEVEL2_SIGN,
OQS_SIG_alg_dilithium_2_aes },
{ "-dilithium_aes_level3", BENCH_DILITHIUM_AES_LEVEL3_SIGN,
OQS_SIG_alg_dilithium_3_aes },
{ "-dilithium_aes_level5", BENCH_DILITHIUM_AES_LEVEL5_SIGN,
OQS_SIG_alg_dilithium_5_aes },
{ "-kyber_level1-kg", BENCH_KYBER_LEVEL1_KEYGEN,
OQS_KEM_alg_kyber_512 },
{ "-kyber_level1-ed", BENCH_KYBER_LEVEL1_ENCAP,
@ -2919,17 +2910,11 @@ static void* benchmarks_do(void* args)
#endif
#ifdef HAVE_DILITHIUM
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
bench_dilithiumKeySign(2, SHAKE_VARIANT);
bench_dilithiumKeySign(2);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN))
bench_dilithiumKeySign(3, SHAKE_VARIANT);
bench_dilithiumKeySign(3);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN))
bench_dilithiumKeySign(5, SHAKE_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL2_SIGN))
bench_dilithiumKeySign(2, AES_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL3_SIGN))
bench_dilithiumKeySign(3, AES_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL5_SIGN))
bench_dilithiumKeySign(5, AES_VARIANT);
bench_dilithiumKeySign(5);
#endif
#ifdef HAVE_SPHINCS
@ -8393,7 +8378,7 @@ void bench_falconKeySign(byte level)
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
void bench_dilithiumKeySign(byte level, byte sym)
void bench_dilithiumKeySign(byte level)
{
int ret = 0;
dilithium_key key;
@ -8410,40 +8395,25 @@ void bench_dilithiumKeySign(byte level, byte sym)
return;
}
ret = wc_dilithium_set_level_and_sym(&key, level, sym);
ret = wc_dilithium_set_level(&key, level);
if (ret != 0) {
printf("wc_dilithium_set_level_and_sym() failed %d\n", ret);
printf("wc_dilithium_set_level() failed %d\n", ret);
}
if (ret == 0) {
ret = -1;
if ((level == 2) && (sym == SHAKE_VARIANT)) {
if (level == 2) {
ret = wc_dilithium_import_private_key(bench_dilithium_level2_key,
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
}
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
else if (level == 3) {
ret = wc_dilithium_import_private_key(bench_dilithium_level3_key,
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
else if (level == 5) {
ret = wc_dilithium_import_private_key(bench_dilithium_level5_key,
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
}
else if ((level == 2) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level2_key,
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
}
else if ((level == 3) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level3_key,
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level5_key,
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
}
if (ret != 0) {
printf("wc_dilithium_import_private_key failed %d\n", ret);
@ -8479,14 +8449,8 @@ void bench_dilithiumKeySign(byte level, byte sym)
} while (bench_stats_check(start));
if (ret == 0) {
if (sym == SHAKE_VARIANT) {
bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("DILITHIUM-AES", level, desc[4], 0, count,
start, ret);
}
bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count, start,
ret);
}
bench_stats_start(&count, &start);
@ -8508,14 +8472,8 @@ void bench_dilithiumKeySign(byte level, byte sym)
} while (bench_stats_check(start));
if (ret == 0) {
if (sym == SHAKE_VARIANT) {
bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("DILITHIUM-AES", level, desc[5], 0, count,
start, ret);
}
bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count, start,
ret);
}
wc_dilithium_free(&key);

2
wolfcrypt/benchmark/benchmark.h
View File

@ -114,7 +114,7 @@ void bench_blake2b(void);
void bench_blake2s(void);
void bench_pbkdf2(void);
void bench_falconKeySign(byte level);
void bench_dilithiumKeySign(byte level, byte sym);
void bench_dilithiumKeySign(byte level);
void bench_sphincsKeySign(byte level, byte optim);
void bench_pqcKemKeygen(word32 alg);
void bench_pqcKemEncapDecap(word32 alg);

415
wolfcrypt/src/asn.c
View File

@ -4010,18 +4010,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
static const byte sigDilithium_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
/* Dilithium AES Level 2: 1.3.6.1.4.1.2.267.11.4.4 */
static const byte sigDilithiumAes_Level2Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 4, 4};
/* Dilithium AES Level 3: 1.3.6.1.4.1.2.267.11.6.5 */
static const byte sigDilithiumAes_Level3Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5};
/* Dilithium AES Level 5: 1.3.6.1.4.1.2.267.11.8.7 */
static const byte sigDilithiumAes_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 8, 7};
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@ -4098,18 +4086,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
static const byte keyDilithium_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
/* Dilithium AES Level 2: 1.3.6.1.4.1.2.267.11.4.4 */
static const byte keyDilithiumAes_Level2Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 4, 4};
/* Dilithium AES Level 3: 1.3.6.1.4.1.2.267.11.6.5 */
static const byte keyDilithiumAes_Level3Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5};
/* Dilithium AES Level 5: 1.3.6.1.4.1.2.267.11.8.7 */
static const byte keyDilithiumAes_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 11, 8, 7};
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@ -4657,18 +4633,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
oid = sigDilithium_Level5Oid;
*oidSz = sizeof(sigDilithium_Level5Oid);
break;
case CTC_DILITHIUM_AES_LEVEL2:
oid = sigDilithiumAes_Level2Oid;
*oidSz = sizeof(sigDilithiumAes_Level2Oid);
break;
case CTC_DILITHIUM_AES_LEVEL3:
oid = sigDilithiumAes_Level3Oid;
*oidSz = sizeof(sigDilithiumAes_Level3Oid);
break;
case CTC_DILITHIUM_AES_LEVEL5:
oid = sigDilithiumAes_Level5Oid;
*oidSz = sizeof(sigDilithiumAes_Level5Oid);
break;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
case CTC_SPHINCS_FAST_LEVEL1:
@ -4782,18 +4746,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
oid = keyDilithium_Level5Oid;
*oidSz = sizeof(keyDilithium_Level5Oid);
break;
case DILITHIUM_AES_LEVEL2k:
oid = keyDilithiumAes_Level2Oid;
*oidSz = sizeof(keyDilithiumAes_Level2Oid);
break;
case DILITHIUM_AES_LEVEL3k:
oid = keyDilithiumAes_Level3Oid;
*oidSz = sizeof(keyDilithiumAes_Level3Oid);
break;
case DILITHIUM_AES_LEVEL5k:
oid = keyDilithiumAes_Level5Oid;
*oidSz = sizeof(keyDilithiumAes_Level5Oid);
break;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
case SPHINCS_FAST_LEVEL1k:
@ -5703,32 +5655,15 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
/* Since we are summing it up, there could be collisions...and indeed there
* are:
* are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3.
*
* DILITHIUM_LEVEL5
* 1.3.6.1.4.1.2.267.7.6.7
* {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}
* -> 220
* DILITHIUM_AES_LEVEL3
* 1.3.6.1.4.1.2.267.11.4.5
* {43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5}
* -> 220
*
* As a small hack, we're going to look for the special case of
* DILITHIUM_AES_LEVEL3k and if we find it, instead of *oid being set to 220
* we will set it to 221. Note that DILITHIUM_AES_LEVEL3k is defined as 221.
*
* Same thing for SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3. We will look
* for the special case of SPHINCS_FAST_LEVEL3 and set *oid to 283 instead
* of 281; 282 is taken.
* We will look for the special case of SPHINCS_FAST_LEVEL3 and set *oid to
* 283 instead of 281; 282 is taken.
*
* These hacks will hopefully disappear when new standardized OIDs appear.
*/
if (memcmp(&input[idx], sigDilithiumAes_Level3Oid,
sizeof(sigDilithiumAes_Level3Oid)) == 0) {
found_collision = DILITHIUM_AES_LEVEL3k;
} else if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
sizeof(sigSphincsFast_Level3Oid)) == 0) {
if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
sizeof(sigSphincsFast_Level3Oid)) == 0) {
found_collision = SPHINCS_FAST_LEVEL3k;
}
#endif /* HAVE_PQC */
@ -7362,10 +7297,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
#if defined(HAVE_DILITHIUM)
if ((ks == DILITHIUM_LEVEL2k) ||
(ks == DILITHIUM_LEVEL3k) ||
(ks == DILITHIUM_LEVEL5k) ||
(ks == DILITHIUM_AES_LEVEL2k) ||
(ks == DILITHIUM_AES_LEVEL3k) ||
(ks == DILITHIUM_AES_LEVEL5k)) {
(ks == DILITHIUM_LEVEL5k)) {
#ifdef WOLFSSL_SMALL_STACK
dilithium_key* key_pair = NULL;
#else
@ -7388,22 +7320,13 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
if (ks == DILITHIUM_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 2, SHAKE_VARIANT);
ret = wc_dilithium_set_level(key_pair, 2);
}
else if (ks == DILITHIUM_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 3, SHAKE_VARIANT);
ret = wc_dilithium_set_level(key_pair, 3);
}
else if (ks == DILITHIUM_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 5, SHAKE_VARIANT);
}
else if (ks == DILITHIUM_AES_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 2, AES_VARIANT);
}
else if (ks == DILITHIUM_AES_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 3, AES_VARIANT);
}
else if (ks == DILITHIUM_AES_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key_pair, 5, AES_VARIANT);
ret = wc_dilithium_set_level(key_pair, 5);
}
if (ret < 0) {
@ -7849,7 +7772,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
if (wc_dilithium_init(dilithium) != 0) {
tmpIdx = 0;
if (wc_dilithium_set_level_and_sym(dilithium, 2, SHAKE_VARIANT)
if (wc_dilithium_set_level(dilithium, 2)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
@ -7859,7 +7782,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
WOLFSSL_MSG("Not Dilithium Level 2 DER key");
}
}
else if (wc_dilithium_set_level_and_sym(dilithium, 3, SHAKE_VARIANT)
else if (wc_dilithium_set_level(dilithium, 3)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
@ -7869,7 +7792,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
WOLFSSL_MSG("Not Dilithium Level 3 DER key");
}
}
else if (wc_dilithium_set_level_and_sym(dilithium, 5, SHAKE_VARIANT)
else if (wc_dilithium_set_level(dilithium, 5)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
@ -7879,36 +7802,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
WOLFSSL_MSG("Not Dilithium Level 5 DER key");
}
}
else if (wc_dilithium_set_level_and_sym(dilithium, 2, AES_VARIANT)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
*algoID = DILITHIUM_AES_LEVEL2k;
}
else {
WOLFSSL_MSG("Not Dilithium AES Level 2 DER key");
}
}
else if (wc_dilithium_set_level_and_sym(dilithium, 3, AES_VARIANT)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
*algoID = DILITHIUM_AES_LEVEL3k;
}
else {
WOLFSSL_MSG("Not Dilithium AES Level 3 DER key");
}
}
else if (wc_dilithium_set_level_and_sym(dilithium, 5, AES_VARIANT)
== 0) {
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
keySz) == 0) {
*algoID = DILITHIUM_AES_LEVEL5k;
}
else {
WOLFSSL_MSG("Not Dilithium AES Level 5 DER key");
}
}
else {
WOLFSSL_MSG("GetKeyOID dilithium initialization failed");
}
@ -11812,18 +11705,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
cert->pkCurveOID = DILITHIUM_LEVEL5k;
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
case DILITHIUM_AES_LEVEL2k:
cert->pkCurveOID = DILITHIUM_AES_LEVEL2k;
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
case DILITHIUM_AES_LEVEL3k:
cert->pkCurveOID = DILITHIUM_AES_LEVEL3k;
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
case DILITHIUM_AES_LEVEL5k:
cert->pkCurveOID = DILITHIUM_AES_LEVEL5k;
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
case SPHINCS_FAST_LEVEL1k:
@ -14827,9 +14708,6 @@ static WC_INLINE int IsSigAlgoECC(int algoOID)
|| (algoOID == DILITHIUM_LEVEL2k)
|| (algoOID == DILITHIUM_LEVEL3k)
|| (algoOID == DILITHIUM_LEVEL5k)
|| (algoOID == DILITHIUM_AES_LEVEL2k)
|| (algoOID == DILITHIUM_AES_LEVEL3k)
|| (algoOID == DILITHIUM_AES_LEVEL5k)
#endif
#ifdef HAVE_SPHINCS
|| (algoOID == SPHINCS_FAST_LEVEL1k)
@ -15150,9 +15028,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
wc_dilithium_free(sigCtx->key.dilithium);
XFREE(sigCtx->key.dilithium, sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
@ -15321,9 +15196,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
case CTC_DILITHIUM_LEVEL2:
case CTC_DILITHIUM_LEVEL3:
case CTC_DILITHIUM_LEVEL5:
case CTC_DILITHIUM_AES_LEVEL2:
case CTC_DILITHIUM_AES_LEVEL3:
case CTC_DILITHIUM_AES_LEVEL5:
/* Hashes done in signing operation. */
break;
#endif
@ -15768,8 +15640,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 2, SHAKE_VARIANT))
if ((ret = wc_dilithium_set_level(
sigCtx->key.dilithium, 2))
< 0) {
goto exit_cs;
}
@ -15793,8 +15665,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 3, SHAKE_VARIANT))
if ((ret = wc_dilithium_set_level(
sigCtx->key.dilithium, 3))
< 0) {
goto exit_cs;
}
@ -15818,83 +15690,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 5, SHAKE_VARIANT))
< 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_import_public(key, keySz,
sigCtx->key.dilithium)) < 0) {
WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
goto exit_cs;
}
break;
}
case DILITHIUM_AES_LEVEL2k:
{
sigCtx->verify = 0;
sigCtx->key.dilithium =
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
if (sigCtx->key.dilithium == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 2, AES_VARIANT))
< 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_import_public(key, keySz,
sigCtx->key.dilithium)) < 0) {
WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
goto exit_cs;
}
break;
}
case DILITHIUM_AES_LEVEL3k:
{
sigCtx->verify = 0;
sigCtx->key.dilithium =
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
if (sigCtx->key.dilithium == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 3, AES_VARIANT))
< 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_import_public(key, keySz,
sigCtx->key.dilithium)) < 0) {
WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
goto exit_cs;
}
break;
}
case DILITHIUM_AES_LEVEL5k:
{
sigCtx->verify = 0;
sigCtx->key.dilithium =
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
if (sigCtx->key.dilithium == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
goto exit_cs;
}
if ((ret = wc_dilithium_set_level_and_sym(
sigCtx->key.dilithium, 5, AES_VARIANT))
if ((ret = wc_dilithium_set_level(
sigCtx->key.dilithium, 5))
< 0) {
goto exit_cs;
}
@ -16187,9 +15984,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
{
ret = wc_dilithium_verify_msg(sig, sigSz, buf, bufSz,
&sigCtx->verify,
@ -16420,39 +16214,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
}
break;
}
case DILITHIUM_AES_LEVEL2k:
{
if (sigCtx->verify == 1) {
ret = 0;
}
else {
WOLFSSL_MSG("DILITHIUM_AES_LEVEL2 Verify didn't match");
ret = ASN_SIG_CONFIRM_E;
}
break;
}
case DILITHIUM_AES_LEVEL3k:
{
if (sigCtx->verify == 1) {
ret = 0;
}
else {
WOLFSSL_MSG("DILITHIUM_AES_LEVEL3 Verify didn't match");
ret = ASN_SIG_CONFIRM_E;
}
break;
}
case DILITHIUM_AES_LEVEL5k:
{
if (sigCtx->verify == 1) {
ret = 0;
}
else {
WOLFSSL_MSG("DILITHIUM_AES_LEVEL5 Verify didn't match");
ret = ASN_SIG_CONFIRM_E;
}
break;
}
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
case SPHINCS_FAST_LEVEL1k:
@ -22561,13 +22322,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_AES_LEVEL2_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL2 PRIVATE KEY-----";
wcchar END_DILITHIUM_AES_LEVEL2_PRIV = "-----END DILITHIUM_AES_LEVEL2 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_AES_LEVEL3_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL3 PRIVATE KEY-----";
wcchar END_DILITHIUM_AES_LEVEL3_PRIV = "-----END DILITHIUM_AES_LEVEL3 PRIVATE KEY-----";
wcchar BEGIN_DILITHIUM_AES_LEVEL5_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL5 PRIVATE KEY-----";
wcchar END_DILITHIUM_AES_LEVEL5_PRIV = "-----END DILITHIUM_AES_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
@ -22708,21 +22462,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
ret = 0;
break;
case DILITHIUM_AES_LEVEL2_TYPE:
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL2_PRIV;
if (footer) *footer = END_DILITHIUM_AES_LEVEL2_PRIV;
ret = 0;
break;
case DILITHIUM_AES_LEVEL3_TYPE:
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL3_PRIV;
if (footer) *footer = END_DILITHIUM_AES_LEVEL3_PRIV;
ret = 0;
break;
case DILITHIUM_AES_LEVEL5_TYPE:
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL5_PRIV;
if (footer) *footer = END_DILITHIUM_AES_LEVEL5_PRIV;
ret = 0;
break;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
case SPHINCS_FAST_LEVEL1_TYPE:
@ -27509,10 +27248,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
#if defined(HAVE_DILITHIUM)
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_LEVEL5_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL5_KEY)) {
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
if (dilithiumKey == NULL)
return PUBLIC_KEY_E;
@ -28269,24 +28005,12 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = FALCON_LEVEL5_KEY;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
cert->keyType = DILITHIUM_LEVEL2_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
cert->keyType = DILITHIUM_LEVEL3_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
cert->keyType = DILITHIUM_LEVEL5_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@ -28378,30 +28102,15 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
cert->keyType = DILITHIUM_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
cert->keyType = DILITHIUM_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
cert->keyType = DILITHIUM_LEVEL5_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
}
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@ -28692,12 +28401,6 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
sphincsKey = (sphincs_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@ -28998,10 +28701,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
#if defined(HAVE_DILITHIUM)
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_LEVEL5_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_AES_LEVEL5_KEY)) {
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
if (dilithiumKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
@ -29334,24 +29034,12 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = FALCON_LEVEL5_KEY;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
cert->keyType = DILITHIUM_LEVEL2_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
cert->keyType = DILITHIUM_LEVEL3_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == SHAKE_VARIANT))
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
cert->keyType = DILITHIUM_LEVEL5_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == AES_VARIANT))
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@ -29444,30 +29132,15 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
cert->keyType = DILITHIUM_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
cert->keyType = DILITHIUM_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
cert->keyType = DILITHIUM_LEVEL5_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
&& (dilithiumKey->sym == AES_VARIANT)) {
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
}
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@ -29665,12 +29338,6 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
sphincsKey = (sphincs_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@ -29809,12 +29476,6 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
sphincsKey = (sphincs_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@ -29985,12 +29646,6 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
sphincsKey = (sphincs_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@ -30044,12 +29699,6 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
dilithiumKey = (dilithium_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
sphincsKey = (sphincs_key*)key;
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)

159
wolfcrypt/src/dilithium.c
View File

@ -76,26 +76,16 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
}
if (ret == 0) {
if ((key->sym == SHAKE_VARIANT) && (key->level == 2)) {
if (key->level == 2) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
}
else if ((key->sym == SHAKE_VARIANT) && (key->level == 3)) {
else if (key->level == 3) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
}
else if ((key->sym == SHAKE_VARIANT) && (key->level == 5)) {
else if (key->level == 5) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
}
else if ((key->sym == AES_VARIANT) && (key->level == 2)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2_aes);
}
else if ((key->sym == AES_VARIANT) && (key->level == 3)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3_aes);
}
else if ((key->sym == AES_VARIANT) && (key->level == 5)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5_aes);
}
if (oqssig == NULL) {
else {
ret = SIG_TYPE_E;
}
}
@ -164,26 +154,16 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
}
if (ret == 0) {
if ((key->sym == SHAKE_VARIANT) && (key->level == 2)) {
if (key->level == 2) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
}
else if ((key->sym == SHAKE_VARIANT) && (key->level == 3)) {
else if (key->level == 3) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
}
else if ((key->sym == SHAKE_VARIANT) && (key->level == 5)) {
else if (key->level == 5) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
}
else if ((key->sym == AES_VARIANT) && (key->level == 2)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2_aes);
}
else if ((key->sym == AES_VARIANT) && (key->level == 3)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3_aes);
}
else if ((key->sym == AES_VARIANT) && (key->level == 5)) {
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5_aes);
}
if (oqssig == NULL) {
else {
ret = SIG_TYPE_E;
}
}
@ -227,10 +207,9 @@ int wc_dilithium_init(dilithium_key* key)
*
* key [out] Dilithium key.
* level [in] Either 2,3 or 5.
* sym [in] Either SHAKE_VARIANT or AES_VARIANT.
* returns BAD_FUNC_ARG when key is NULL or level or sym are bad values.
* returns BAD_FUNC_ARG when key is NULL or level is a bad values.
*/
int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym)
int wc_dilithium_set_level(dilithium_key* key, byte level)
{
if (key == NULL) {
return BAD_FUNC_ARG;
@ -240,25 +219,19 @@ int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym)
return BAD_FUNC_ARG;
}
if (sym != SHAKE_VARIANT && sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
key->level = level;
key->sym = sym;
key->pubKeySet = 0;
key->prvKeySet = 0;
return 0;
}
/* Get the level and symmetric variant of the dilithium private/public key.
/* Get the level of the dilithium private/public key.
*
* key [in] Dilithium key.
* level [out] The level.
* sym [out] The symetric variant. SHAKE_VARIANT or AES_VARIANT.
* returns BAD_FUNC_ARG when key is NULL or level has not been set.
*/
int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte* sym)
int wc_dilithium_get_level(dilithium_key* key, byte* level)
{
if (key == NULL || level == NULL) {
return BAD_FUNC_ARG;
@ -268,12 +241,7 @@ int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte* sym)
return BAD_FUNC_ARG;
}
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
*level = key->level;
*sym = key->sym;
return 0;
}
@ -365,10 +333,6 @@ int wc_dilithium_import_public(const byte* in, word32 inLen,
return BAD_FUNC_ARG;
}
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE)) {
return BAD_FUNC_ARG;
}
@ -401,10 +365,6 @@ static int parse_private_key(const byte* priv, word32 privSz,
return BAD_FUNC_ARG;
}
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
/* At this point, it is still a PKCS8 private key. */
if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) {
return ret;
@ -553,7 +513,8 @@ int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
* BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE,
* 0 otherwise.
*/
int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen)
int wc_dilithium_export_private_only(dilithium_key* key, byte* out,
word32* outLen)
{
/* sanity checks on arguments */
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
@ -564,10 +525,6 @@ int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outL
return BAD_FUNC_ARG;
}
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
/* check and set up out length */
if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_KEY_SIZE)) {
*outLen = DILITHIUM_LEVEL2_KEY_SIZE;
@ -618,10 +575,6 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen)
return BAD_FUNC_ARG;
}
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
*outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
return BUFFER_E;
@ -817,24 +770,15 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
if (key->level == 2) {
keytype = DILITHIUM_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 3) {
keytype = DILITHIUM_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 5) {
keytype = DILITHIUM_LEVEL5k;
}
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
@ -865,24 +809,15 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
if (key->level == 2) {
keytype = DILITHIUM_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 3) {
keytype = DILITHIUM_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 5) {
keytype = DILITHIUM_LEVEL5k;
}
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
@ -920,24 +855,15 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen,
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
if (key->level == 2) {
keytype = DILITHIUM_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 3) {
keytype = DILITHIUM_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 5) {
keytype = DILITHIUM_LEVEL5k;
}
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL2k;
}
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL3k;
}
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
keytype = DILITHIUM_AES_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
@ -958,36 +884,21 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 inLen)
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
if (key->level == 2) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
DILITHIUM_LEVEL2_KEY_SIZE, output, inLen,
DILITHIUM_LEVEL2k);
}
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 3) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
DILITHIUM_LEVEL3_KEY_SIZE, output, inLen,
DILITHIUM_LEVEL3k);
}
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 5) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
DILITHIUM_LEVEL5_KEY_SIZE, output, inLen,
DILITHIUM_LEVEL5k);
}
else if ((key->level == 2) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
DILITHIUM_LEVEL2_KEY_SIZE, output, inLen,
DILITHIUM_AES_LEVEL2k);
}
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
DILITHIUM_LEVEL3_KEY_SIZE, output, inLen,
DILITHIUM_AES_LEVEL3k);
}
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
DILITHIUM_LEVEL5_KEY_SIZE, output, inLen,
DILITHIUM_AES_LEVEL5k);
}
return BAD_FUNC_ARG;
}
@ -998,30 +909,18 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 inLen)
return BAD_FUNC_ARG;
}
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
if (key->level == 2) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_LEVEL2k);
}
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 3) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_LEVEL3k);
}
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
else if (key->level == 5) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_LEVEL5k);
}
else if ((key->level == 2) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_AES_LEVEL2k);
}
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_AES_LEVEL3k);
}
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output,
inLen, DILITHIUM_AES_LEVEL5k);
}
return BAD_FUNC_ARG;
}

1754
wolfssl/certs_test.h
View File

File diff suppressed because it is too large Load Diff

10
wolfssl/internal.h
View File

@ -1610,13 +1610,6 @@ enum Misc {
DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
DILITHIUM_AES_LEVEL2_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL2_SA_MINOR = 0xA7,
DILITHIUM_AES_LEVEL3_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL3_SA_MINOR = 0xAA,
DILITHIUM_AES_LEVEL5_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL5_SA_MINOR = 0xAC,
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
@ -3568,9 +3561,6 @@ enum SignatureAlgorithm {
dilithium_level2_sa_algo = 14,
dilithium_level3_sa_algo = 15,
dilithium_level5_sa_algo = 16,
dilithium_aes_level2_sa_algo = 17,
dilithium_aes_level3_sa_algo = 18,
dilithium_aes_level5_sa_algo = 19,
invalid_sa_algo = 255
};

6
wolfssl/wolfcrypt/asn.h
View File

@ -1095,9 +1095,6 @@ enum Key_Sum {
DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */
DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */
DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */
DILITHIUM_AES_LEVEL2k = 217,/* 1.3.6.1.4.1.2.267.11.4.4 */
DILITHIUM_AES_LEVEL3k = 221,/* 1.3.6.1.4.1.2.267.11.6.5 + 1 (See GetOID() in asn.c) */
DILITHIUM_AES_LEVEL5k = 224,/* 1.3.6.1.4.1.2.267.11.8.7 */
SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */
SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */
@ -2243,9 +2240,6 @@ enum cert_enums {
DILITHIUM_LEVEL2_KEY = 18,
DILITHIUM_LEVEL3_KEY = 19,
DILITHIUM_LEVEL5_KEY = 20,
DILITHIUM_AES_LEVEL2_KEY = 21,
DILITHIUM_AES_LEVEL3_KEY = 22,
DILITHIUM_AES_LEVEL5_KEY = 23,
SPHINCS_FAST_LEVEL1_KEY = 24,
SPHINCS_FAST_LEVEL3_KEY = 25,
SPHINCS_FAST_LEVEL5_KEY = 26,

6
wolfssl/wolfcrypt/asn_public.h
View File

@ -148,9 +148,6 @@ enum CertType {
DILITHIUM_LEVEL2_TYPE,
DILITHIUM_LEVEL3_TYPE,
DILITHIUM_LEVEL5_TYPE,
DILITHIUM_AES_LEVEL2_TYPE,
DILITHIUM_AES_LEVEL3_TYPE,
DILITHIUM_AES_LEVEL5_TYPE,
SPHINCS_FAST_LEVEL1_TYPE,
SPHINCS_FAST_LEVEL3_TYPE,
SPHINCS_FAST_LEVEL5_TYPE,
@ -199,9 +196,6 @@ enum Ctc_SigType {
CTC_DILITHIUM_LEVEL2 = 213,
CTC_DILITHIUM_LEVEL3 = 216,
CTC_DILITHIUM_LEVEL5 = 220,
CTC_DILITHIUM_AES_LEVEL2 = 217,
CTC_DILITHIUM_AES_LEVEL3 = 221,
CTC_DILITHIUM_AES_LEVEL5 = 224,
CTC_SPHINCS_FAST_LEVEL1 = 281,
CTC_SPHINCS_FAST_LEVEL3 = 283,

8
wolfssl/wolfcrypt/dilithium.h
View File

@ -65,16 +65,12 @@
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
#define SHAKE_VARIANT 1
#define AES_VARIANT 2
/* Structs */
struct dilithium_key {
bool pubKeySet;
bool prvKeySet;
byte level; /* 2,3 or 5 */
byte sym; /* SHAKE_VARIANT or AES_VARIANT */
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
};
@ -96,9 +92,9 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
WOLFSSL_API
int wc_dilithium_init(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym);
int wc_dilithium_set_level(dilithium_key* key, byte level);
WOLFSSL_API
int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte *sym);
int wc_dilithium_get_level(dilithium_key* key, byte* level);
WOLFSSL_API
void wc_dilithium_free(dilithium_key* key);